PEPR '25: 2025 USENIX Conference on Privacy Engineering Practice and Respect

Lukas Bundonis, Netflix; Ben Ballard, MITRE


The phrase "law enforcement response" is ambiguous. It most often describes the domain of legal engineering that comprises corporate disclosure of data to government authorities in response to a legal request for information. However, this definition oversimplifies an opaque process. Law enforcement requests for information and the legal processes that structure them resist comprehension by design. Wiretap and pen register orders (real-time surveillance), lawful intercept requests, emergency disclosure/data requests, and national security letters all fall into this category. However, basic types of information requests, such as subpoenas and warrants for information, are less opaque, and provide an opportunity for greater standardization of information disclosure. A discussion of law enforcement response systems in the context of data privacy therefore bears merit. This is especially true when viewed through the complementary lenses of a concept Lawfare fellow Alan Rozenshtein coined in 2018—"surveillance intermediaries"—and an increasingly aggressive series of nation-state intelligence operations targeting sensitive corporate infrastructure. This short talk will explore what intermediaries are, why they matter, some of the risks posed to their sensitive systems, and what the speakers believe we all can do as privacy professionals to better defend them.


https://www.usenix.org/conference/pepr25/presentation/bundonis

Sam Havron, Meta

When a privacy incident occurs, our incident management process kicks in to quickly identify the root cause, mitigate the issue, and conduct a post-mortem review. While a post-mortem ensures the same incident doesn't reoccur, we want to take a more proactive approach and prevent similar incidents and enhance our privacy posture. This however could face challenges resulting from a lack of visibility and insufficient metrics. Incident owners may not be aware of similar incidents that require joint analysis, leading to missed systemic root causes. Furthermore, measurements to determine the frequency of similar incidents could be lacking to assess the effectiveness of our prevention efforts. To address these challenges, we've developed a program along with tooling to identify, analyze, and remediate systemic privacy incidents. In this talk, we'll cover our approach to tackling these clusters, including:

• Automated Cluster Identification: Using heuristic and LLM-based methods to automatically identify clusters
• Analysis and Remediation: Analyzing prioritized systemic clusters and holding teams accountable for remediation
• Regression Alerting: Implementing alerting systems to detect regressions and prevent similar incidents from happening again

Join us as we share our experiences and insights on tackling systemic privacy incident clusters and improving incident management processes.

Authors: Sam Havron, Meta (Speaker); David Huang, Meta (Not Speaking)

https://www.usenix.org/conference/pepr25/presentation/havron

Cat Easdon, Dynatrace Research; Patrick Berchtold, Dynatrace


Observability platforms provide development and operations teams with insights into their distributed systems, typically combining logs, metrics, and traces with additional telemetry for use cases such as runtime security monitoring and understanding user behavior. While this data is tremendously useful for troubleshooting and product development, it also poses privacy challenges. In this session, we'll consider these challenges through an offensive privacy lens, presenting our research conducting reconstruction attacks against aggregated user session data. We'll explore how offensive privacy research can be used to support the business case for a new product privacy feature, discuss the unique aspects of privacy threat modeling in a business-to-business (B2B) setting, and consider runtime mitigations to halt reconstruction attacks earlier in the 'privacy kill chain'.


https://www.usenix.org/conference/pepr25/presentation/easdon

Katharina Koerner, Trace3; Nandita Rao Narla, DoorDash


The NIST AI Risk Management Framework has emerged as a popular choice among US based organizations aiming to build responsible AI governance programs. However, real-word adoption of this very comprehensive framework is both challenging and onerous—often falling on privacy engineers who are voluntold to lead AI governance efforts. This presentation will explore key lessons learned from implementing the NIST AI RMF for different industries, highlighting how existing privacy infrastructure, policies, and other governance frameworks can serve as a foundation for AI risk management and compliance. We will also uncover common pitfalls and present a lightweight approach to jumpstart this framework adoption.


https://www.usenix.org/conference/pepr25/presentation/koerner

Norman Sadeh and Lorrie Cranor, Carnegie Mellon University


Recent privacy regulations impose increasingly stringent requirements on the collection and use of data. This includes more specific obligations to disclose various data practices and the need to provide data subjects with more comprehensive sets of choices or controls. There is also an increasing emphasis on user-centric criteria. Failure to offer usable notices and choices that people can truly benefit from has become a significant privacy threat, whether one thinks in terms of potential regulatory penalties, consumer trust and brand reputation, or privacy-by-design best practices. This presentation will provide an overview of UsersFirst, a Privacy Threat Modeling framework intended to supplement existing privacy threat modeling frameworks and to support organizations in their analysis and mitigation of risks associated with the absence or ineffectiveness of privacy notices and choices. Rather than treating privacy notices and choices as mere checkboxes, UsersFirst revolves around user-centric interpretations of these requirements. It is intended to reflect an emerging trend in privacy regulations where perfunctory approaches to notices and choices are no longer sufficient, and where instead notices and choices are expected to be noticeable, usable, unambiguous, devoid of deceptive patterns, and more. The presentation will include results of a detailed evaluation of the UsersFirst user-centric threat taxonomy with people working and/or trained in privacy.


https://www.usenix.org/conference/pepr25/presentation/sadeh

Phillip Ward, Canva


Canva's mission is to empower the world to design. A major challenge to that mission is securing the data required to build the AI-powered tools that modern professionals love. This is not just the newest and fanciest generative-AI tools. Even the humble background remover and template library search functions require data that represents our user community in order to perform at the level our users expect. To create the best experience for users, this data must be as unique and diverse as our community, and as we scale, data from our growing community is essential to building a better product. However, no one can do their best creative work if they do not feel safe and empowered. We want our users to experience high quality protection for their personal information and personal creations, so every use of their content must be carefully considered. In this talk, I will outline the AI consent platform that we have built. I will share how Canva built an end-to-end ecosystem to simultaneously empower users to control their data and power the next generation of AI tools. This ecosystem spans from the user experience of providing consent, to the controls and platforms that ensure our 100+ models respect user consent every day.


https://www.usenix.org/conference/pepr25/presentation/ward

Don Marti


The "privacy" offered by "privacy-enhancing technologies" (PETs) on the web is remarkably different from the privacy that users want and expect. People seek out privacy to avoid real-world privacy harms such as fraud and algorithmic discrimination, and PETs, focused on more narrow mathematical goals, can actually make the real privacy problems worse and harder to detect. Can today's PETs be fixed, or should the web move to more productive alternatives?


https://www.usenix.org/conference/pepr25/presentation/marti

Marc-Antoine Paré


Let's face it: explaining that "differential privacy is like blurring an image" doesn't get very far in communicating how and why this technology should be used. This talk breaks down data visualizations used over the course of a three-year differential privacy project for the Department of Energy that were used to unlock $5MM in funding from grant administrators, convince regulators of the effectiveness of privacy protection, and generate excitement from industry partners for adoption. While past work in this sector failed to get past academic discussions, this project culminated in two large-scale data releases, subject to a strong differential privacy guarantee (ε=4.72 and δ=5.06⋅10^−9). Practitioners will walk away with ideas and inspiration for bridging the variety of communication gaps found in real-life privacy projects.


https://www.usenix.org/conference/pepr25/presentation/pare

Curtis Mitchell, xD, United States Census Bureau


The ability to work with genomic datasets across institutions is a promising approach to understanding and treating diseases such as rare cancers. However, the sharing of genomic data raises challenging legal and ethical concerns around patient privacy. In this talk we will present on ongoing work between the National Institute of Standards and Technology (NIST), the US Census Bureau, and other organizations to explore metrics and use cases for privacy-preserving machine learning on genomic data. We will discuss the goals of the project, the technical architecture of the project using privacy-preserving federated learning, and the initial results on performance and privacy metrics we have obtained using plant genomic data as an initial stand-in for human genomic data.


Additional authors: Gary Howarth and Justin Wagner, NIST; Jess Stahl, Census; Christine Task and Karan Bhagat, Knexus; Amy Hilla and Rebecca Steinberg, MITRE


https://www.usenix.org/conference/pepr25/presentation/mitchell

Alex Kulesza


What happens when the philosophical aspirations of differential privacy collide with practical reality? Reflecting on seven years of experience building and deploying differential privacy systems at Google, I will describe in this talk some of the ways in which a focus on worst-case outcomes both enables and discourages an honest accounting of privacy risk.


https://www.usenix.org/conference/pepr25/presentation/kulesza

Daniele Romanini, Resolve


In today's data-driven landscape, organizations often seek collaborative analytics to gain cross-organizational insights while upholding stringent privacy standards. This talk introduces a practical approach to adopting a Secure Multi-Party Computation (MPC) system for cloud-based data analytics. Leveraging open-source frameworks such as Carbyne Stack and MP-SPDZ, we have developed features to enable non-cryptographic and non-MPC expert developers to perform private analytics using intuitive, Python-like code. In this talk, we focus on the practical features that a real-world MPC solutions should have, presenting lessons learned and the key modification to an existing framework to reach a stable deployment.

We explain how we enhanced usability and functionalities of the existing framework (Carbyne Stack with MP-SPDZ), such as implementing the support for a semi-honest security model, which is less expensive and more practical than a malicious one in some real-world settings. We also address practical considerations of cost and performance, presenting strategies to optimize infrastructure deployment and algorithm-level enhancements to improve costs and enable complex analytics. Moreover, we illustrate a practical example on how the platform can be leveraged in the AdTech world. This presentation aims to demonstrate that secure and efficient cross-organizational data analytics are achievable, even for developers without specialized MPC expertise.

Authors: Adrián Vaca Humanes, Gerardo González Seco, Daniele Romanini, Goran Stipcich


https://www.usenix.org/conference/pepr25/presentation/romanini-unlocking

Saikrishna Badrinarayanan and Chris Harris, LinkedIn


Advertising platforms rely heavily on activity data to measure and optimize ads performance. With current privacy regulations and platform requirements, LinkedIn is held to increasingly rigorous standards in the handling of our members' personal data. This is acute for our ads business, as we adhere to strict regulations that necessitate stringent measures when handling user data, including data minimization, which is almost expanding into a global requirement. These regulations continue to evolve, requiring constant adaptation to new standards, while our data pipelines were originally established in a time when the use of personal data was less regulated.

Motivated by the principle of building privacy by design, we undertook a comprehensive project involving numerous stakeholders to address these challenges, and built an end-to-end robust pipeline that de-identifies advertising activity data. The goal of this project was to ensure that user information is protected while still enabling processing on this de-identified data to generate valuable analytics and enable advertisers to learn the effectiveness of their ad spend. We have onboarded products such as performance reporting and billing as the hero use-cases onto this pipeline. This talk will cover the design, implementation and innovative aspects of this pipeline. We will discuss the various privacy enhancing technologies we applied, our system architecture, challenges faced such as scalability (to process billions of events a day) and balancing privacy with the needs of the business. Finally, we will also highlight the outcomes and practical insights gained from this project.


https://www.usenix.org/conference/pepr25/presentation/badrinarayanan

Daniele Romanini, Resolve


In graph data, particularly those representing human connections, the structure of relationships can inadvertently expose individuals to privacy risks. Recent research indicates that even when traditional anonymization techniques are applied, the unique patterns within a user's local network—referred to as their "neighborhood"—can be exploited for re-identification. This talk delves into the complexities of anonymizing graph data, emphasizing that connections themselves serve as distinctive features that can compromise user privacy.
This talk examines the relationship between a network's average degree (i.e. the amount of nodes' connections) and the severity of uniquely identify a node in it solely based on the network's structure. We discuss how understanding these risks can inform the design of privacy-aware data collection and anonymization methods, ensuring that the benefits of data sharing are balanced with the imperative to protect individual privacy.

Authors: Daniele Romanini and Sune Lehmann, Technical University of Denmark; Mikko Kivelä, Aalto University


https://www.usenix.org/conference/pepr25/presentation/romanini-network

Daniel Gagne, Meta


This talk goes into detail about the data classification processes at Meta, where we assign metadata about the semantics, actor, and other attributes of the data. We start by defining a taxonomy to support categorization based on the nature of data and regulatory requirements which will be used to ensure appropriate data usage. This supports a wide variety of privacy policies such as access control, deletion, and purpose limitation. We then take a bytes up approach to scan data, extract features, and infer labels from the taxonomy. We also detail challenges with different data storage patterns, classification approaches and quality measurement.

Additional Author: Giuseppe M. Mazzeo


https://www.usenix.org/conference/pepr25/presentation/gagne

Charles de Bourcy, OpenAI


This talk explores how Large Language Models can enhance Data Minimization practices compared to traditional methods. Advanced contextual understanding can accelerate data classification across an organization's storage locations, improve de-identification of text corpora, and streamline internal governance mechanics. The talk will propose architectures for combining LLM-based tools of various kinds with other techniques like lineage tracing to facilitate proactive data minimization and prevent data sprawl.


https://www.usenix.org/conference/pepr25/presentation/bourcy